The Internet of Things Will Save (or Kill) Us All…

Last week I had the privilege of speaking at the Internet of Things Legal and Business forum in San Francisco. We had a very smart group in the room – senior business and legal advisers from major companies like Qualcomm, Hyundai, Intel, Home Depot, etc. And as seems to happen more and more these days, during our discussion a central theme emerged regarding one true tension of the present (and future) of the Internet of Things: IoT will bring great, amazing and valuable solutions to our lives, which can also be used to harm, threaten and kill us.

Consider, by way of example, the absolutely awful and tragic Germanwings Flight 9525 air disaster last month. The suicidal co-pilot onboard that aircraft was intent on crashing the plane and killing himself and all those onboard. The plane he was piloting ‘knew’ it was headed for a crash – altitude, airspeed and other indicators captured data from sensors and issued warnings. Of course, those warnings were intentionally ignored, but what if instead of warning the co-pilot, the plane had ascended to a safe altitude and contacted ground control for instructions? CNN did an article in the wake of the disaster featuring this same discussion. It seems that not only is this IoT technology available right now, it has been for years and would have, as former Department of Transportation Inspector General Mary Schiavo put it, “saved the flight.” (Source: Could autopilot technology have saved Germanwings Flight 9525?, Matthew Hoye and Rene Marsh, CNN, April 25, 2015).

CNN germanwings
“With reports that Lubitz apparently ignored those warnings, there are new calls from aviation experts to develop and deploy enhanced crash avoidance software that could take control of an aircraft away from a pilot and steer the plane to a safe altitude.”


But then here comes the inevitable counter: sure, an IoT-capable, connected plane could be used to save hundreds of lives, but what if someone ‘hacks’ the plane and crashes it intentionally? What if evil-doers take control of the technology (and crash IoT connected planes all around the world)?

I get the same response/argument when I tell folks about IoT-medical devices, like the revolutionary MicroCHIPS, Inc. wirelessly controlled implantable device that dispenses needed medicine to a patient on a set schedule or on command. The device is ideal for the chronically ill, many of whom have a great deal of trouble sticking to a medicine regimen.  They call this “non-adherence,” by the way, and it costs up to 125,00 lives and $13.35 billion per year, according to some estimates. (Source:The challenge of patient adherence, Ther Clin Risk Manag. 2005 Sep; 1(3): 189–199, published online 2005 Sep.).

It could also be hacked – critics say – to cause harm to the patient by releasing all of the drugs at once. If you’re a fan of the television show Homeland, this will evoke memories of the Broken Hearts episode (Season 2) in which a murder is carried out remotely of an elected official by way of hacking his pacemaker.

Microchips medical device
“Pharmacies-on-a-chip could someday dispense a whole suite of drugs, at pre-programmed doses and at specific times.”


In short, every time I talk about the power and value of the Internet of Things, someone questions that power and value by pointing out (rightly, I might add) the potential for abuse and the need for security. With that said, however, is that really a case to not move ahead? Should we decide not to embrace technologies like IoT, because they could be used against us?

There were people who vigorously objected to and questioned the technology of airbags; yet today they’ve saved the lives of millions. Same thing with seatbelts – some actually contended use of in-car restraints would make us less safe (encourage crazy driving, and all that).

The simple truth is that the Internet of Things does portend incredible promise. It will change lives and provide advances in medicine, travel, energy and almost every other industry or sector you can think of. And at the same time, IoT does present significant risk. That leaves it up to businesses of all shapes and sizes to innovate and create IoT solutions while also  ensuring the security and safety of the advances they bring about. Companies that get this right will not only benefit at the bottom line, but also will serve as models for what’s possible when operating from a constitution of social responsibility, awareness and dedication to the people they serve.

AT&T Fined $25 million for Datasecurity Breaches

Earlier this week, the Federal Communications Commission (@FCC) hit AT&T with a $25 million fine for data security breaches. The fine was the largest ever levied by the FCC as part of a data security action.

According to the Washington Post, the breaches occurred in AT&T’s foreign call centers in Mexico, Colombia and the Philippines and resulted in the exposure of “hundreds of thousands of customer records, including names, phone numbers and some Social Security numbers.” (Source: Washington Post, “AT&T will pay $25 million after call-center workers sold customer data,” April 8, 2015).

WaPo ATT article
$25 million fine against AT&T marks the FCC’s largest data security action ever.

“As many as 279,000 AT&T customers may have been affected by the unauthorized leaks, regulators said. Those customers will receive free credit monitoring as part of the official settlement. The agreement also requires at AT&T to appoint a privacy official who will review the company’s policies and strengthen its security.” (emphasis added).

The fine is not only an indicator of the mounting and increasing costs associated with data breaches, but also a reminder of how vendors constitute a significant data security exposure: three AT&T contractors improperly used 68,000 customer records to request more than 290,000 unlock codes from AT&T.

Despite the fact that the FCC fine was the largest in its history for a data security breach, some experts called the fine inadequate. Chris Conacher, director of security research and development at cybersecurity vendor Tripwire (@TripwireInc), said the fine amounted to a “slap on the wrist” for AT&T. (Source: Computerworld, “AT&T’s data breach settlement called a ‘slap on the wrist’,” April 9, 2015).


AT&T reported revenue of $34.4 billion for the fourth quarter of 2014, alone.

It is likely that AT&T won’t feel much of an impact from this fine; however, for companies without the carrier’s vast reach, resources or balance sheet, the FCC fine is a stark reminder that data security breaches do come with a cost, and that companies would do well to sure up their defenses and choose their partners wisely when it comes to protecting their information and that of their customers.